The document discusses changes to the requirements of PCI DSS 3.0 that will impact organizations. It highlights new requirements for annual penetration testing, documenting vulnerabilities from the past 12 months, and conducting a risk assessment based on an industry framework. These changes will significantly increase the resources needed for compliance.